2024-05-25_3a6c5f5d2f5f69c28b27053a7908e9fa_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_3a6c5f5d2f5f69c28b27053a7908e9fa_icedid
Size

2.5MB
MD5

3a6c5f5d2f5f69c28b27053a7908e9fa
SHA1

33fd81aee97a486f47f9b47f79e9754fe7a50860
SHA256

548abb010161b5418fe3f2afd6e81d19895b862dced3a9d30707e3c5cb8f98e2
SHA512

6a2543589b763f2de0e839ff42c534b90d29b040d118d612dd6a6a4e239e4d7add0201f6409edbb51d86eab106f77b96ce7f759f264fa32fa2b636497c70beee
SSDEEP

24576:t84LfC/IA40T0ep8E3O+2ZTpH7JXJhXZu4y5ABTjqCkcTYlzCMFwYWX426IQHtf5:U/zFOZTx7JXJhTm+TYpGkIAtfazfIn

Score

1^/10

Malware Config

Signatures

Files

2024-05-25_3a6c5f5d2f5f69c28b27053a7908e9fa_icedid
.exe windows:5 windows x86 arch:x86

5be002cd9b3fb405ee9adead54dbfdad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/04/2014, 00:00

Not After

22/05/2017, 23:59

Subject

CN=Shenyang GeneralSoft Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenyang GeneralSoft Co.\, Ltd,L=Shenyang,ST=Liaoning,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:53:bb:a2:46:65:5e:57:78:40:b9:0f:5d:db:61:a1:4c:71:73:b6
Signer

Actual PE Digest

88:53:bb:a2:46:65:5e:57:78:40:b9:0f:5d:db:61:a1:4c:71:73:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CPUID\applications\cpu_z\cpu_z_cn_vc2008\Release\cpuz_x32.pdb

Imports

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

SetErrorMode
GetStartupInfoW
HeapAlloc
RaiseException
RtlUnwind
HeapReAlloc
ExitProcess
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetEndOfFile
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleOutputCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
FlushFileBuffers
WritePrivateProfileStringW
lstrlenA
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetCurrentThreadId
FreeResource
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetCurrentThread
lstrcmpiA
GetSystemDirectoryA
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
RemoveDirectoryA
GetComputerNameA
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
GetLocalTime
DeleteFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
LocalAlloc
LocalFree
SetThreadAffinityMask
GetSystemInfo
CreateFileA
GetProcessAffinityMask
SetProcessAffinityMask
DeviceIoControl
ReadFile
CreateEventA
GetOverlappedResult
WriteConsoleA
SetFilePointer
GetVersionExA
LoadLibraryA
CreateMutexA
SetLastError
ReleaseMutex
GetProcessHeap
HeapFree
GlobalMemoryStatus
GetTempPathW
GetVersionExW
WinExec
lstrlenW
lstrcatW
lstrcpyW
WriteFile
GetCurrentProcess
CreateFileW
WriteConsoleW
ExitThread
Sleep
ResumeThread
SetThreadPriority
GetStdHandle
CreateThread
WideCharToMultiByte
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetLastError
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
WaitForSingleObject
CloseHandle
InterlockedDecrement
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
SetCurrentDirectoryW
GetComputerNameW
GetCurrentDirectoryW
LockResource
SizeofResource
LoadResource
FindResourceW
SetHandleCount

user32

LoadCursorW
GetSysColorBrush
UnregisterClassW
DestroyMenu
PostQuitMessage
LoadIconW
SendDlgItemMessageA
WinHelpW
GetClassLongW
GetClassNameW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
BeginPaint
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowLongW
GetParent
GetDlgItem
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
wsprintfA
ModifyMenuW
WindowFromPoint
PostMessageW
ReleaseCapture
DrawEdge
DrawFocusRect
FrameRect
DrawFrameControl
InflateRect
FillRect
CopyRect
CheckMenuItem
EnableMenuItem
AppendMenuW
PtInRect
ClientToScreen
CreatePopupMenu
CreateCursor
SetWindowLongW
SetCursor
DestroyCursor
UpdateWindow
InvalidateRect
KillTimer
DestroyIcon
OffsetRect
GetSysColor
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
LoadImageW
MessageBoxW
wsprintfW
ReleaseDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClientRect
GetDC
GetWindowDC
EnableWindow
GetWindowRect
LoadBitmapW
SendMessageW
RegisterWindowMessageW
IsWindow
GetCursorPos

gdi32

CreatePen
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
SetPixel
GetCurrentObject
CreateFontIndirectW
GetPixel
CreateBitmap
CreateFontW
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetStockObject
DeleteObject

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

SHGetFolderPathA
ShellExecuteW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
StringFromGUID2

oleaut32

SafeArrayGetElemsize
SafeArrayGetElement
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SafeArrayGetVartype

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5be002cd9b3fb405ee9adead54dbfdad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

88:53:bb:a2:46:65:5e:57:78:40:b9:0f:5d:db:61:a1:4c:71:73:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 257KB - Virtual size: 256KB

.data Size: 115KB - Virtual size: 140KB

.rsrc Size: 967KB - Virtual size: 967KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

88:53:bb:a2:46:65:5e:57:78:40:b9:0f:5d:db:61:a1:4c:71:73:b6
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 115KB - Virtual size: 140KB

.rsrc
Size: 967KB - Virtual size: 967KB